CVE-2016-9102 - OpenCVE

Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff55e94d23ae94c8628b0115320157c763eb3e06
http://www.openwall.com/lists/oss-security/2016/10/27/15	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/30/6	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/93962	Third Party Advisory VDB Entry
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html	Mailing List Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html	Patch Third Party Advisory
https://security.gentoo.org/glsa/201611-11	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-12-09T22:00:00

Updated: 2018-12-01T10:57:01

Reserved: 2016-10-28T00:00:00

Link: CVE-2016-9102

JSON object: View

NVD Information

Status : Modified

Published: 2016-12-09T22:59:07.670

Modified: 2023-02-13T04:50:15.377

Link: CVE-2016-9102

JSON object: View

Redhat Information

No data.

CWE

CWE-772

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-10T00:00:00", "descriptions": [{"lang": "en", "value": "Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-01T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "GLSA-201611-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201611-11"}, {"name": "93962", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93962"}, {"name": "[qemu-devel] 20161010 Re: [PATCH] 9pfs: fix memory leak in v9fs_xattrcreate", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html"}, {"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: memory leakage when creating extended attribute", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/27/15"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff55e94d23ae94c8628b0115320157c763eb3e06"}, {"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: memory leakage when creating extended attribute", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/30/6"}, {"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-9102", "datePublished": "2016-12-09T22:00:00", "dateReserved": "2016-10-28T00:00:00", "dateUpdated": "2018-12-01T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C", "versionEndIncluding": "2.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number."}, {"lang": "es", "value": "Fuga de memoria en la funci\u00f3n v9fs_xattrcreate en hw/9pfs/9p.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda del proceso QEMU) a trav\u00e9s de un gran n\u00famero de mensajes Txattrcreate con el mismo n\u00famero fid."}], "id": "CVE-2016-9102", "lastModified": "2023-02-13T04:50:15.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-09T22:59:07.670", "references": [{"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff55e94d23ae94c8628b0115320157c763eb3e06"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/10/27/15"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/10/30/6"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93962"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201611-11"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}